Bug 1937203

Summary:	katello-tracer-upload: command not found when executed via remote execution using effective user other than root.
Product:	Red Hat Satellite	Reporter:	Prakash Ghadge <pghadge>
Component:	katello-tracer	Assignee:	Jeremy Lenz <jlenz>
Status:	CLOSED ERRATA	QA Contact:	visawant
Severity:	medium	Docs Contact:
Priority:	unspecified
Version:	6.8.0	CC:	ahumbe, chrobert, jlenz, paji, pghadge, rlavi, sbible, visawant
Target Milestone:	6.15.0	Keywords:	Patch, Triaged
Target Release:	Unused
Hardware:	x86_64
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2024-04-23 17:10:41 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Prakash Ghadge 2021-03-10 06:49:16 UTC

Description of problem:

Tracer job fails with the following error when executed via remote execution  using an effective user other than root
~~~
 1:
/var/tmp/foreman-ssh-cmd-77db4879-1eff-4a61-a071-8d5207db0e6d/script: line 2: katello-tracer-upload: command not found
   2:
Exit status: 127
~~~

Version-Release number of selected component (if applicable):

Satellite 6.8.3

How reproducible:

Steps to Reproduce:

1. Setup the remote execution using the following document for a non-root user.
  https://access.redhat.com/solutions/2650071
2. Go to administer > Settings > Remote execution > Change Effective user to non-root user configured in step 1.
3. Update a few packages on the client connected to the satellite.
4. Now go the host > Content Host > open the host on which packages are updated > Traces > Select service which needs restart > Restart Selected
5. The job will fail with the error command not found.


Actual results:

The job fails with the following error.
~~~
 1:
/var/tmp/foreman-ssh-cmd-77db4879-1eff-4a61-a071-8d5207db0e6d/script: line 2: katello-tracer-upload: command not found
   2:
Exit status: 127
~~~

Expected results:

The job should complete with the exit status 0.


Additional info:

The reason for failure when the effective user is other than the root is the binary location of the katello-tracer-upload command which is /usr/sbin. To execute any binary from  /sbin or /usr/sbin, root privileges are required.

Solution 1 -

- Change the location of binary to /usr/bin so that any user with access privileges can execute it.

Solution 2-

- When we try to restart the service using traces, it runs the following commands.
~~~
sudo systemctl restart chronyd
katello-tracer-upload
~~~

- As you can see, the katello-tracer-upload is executing without sudo but the restart service is running with the sudo privileges.

- If we make the katello-tracer-upload command run with sudo, then any non-root user can run it. This is easily achievable by simply editing the "Restart Services - Katello SSH Default" template. I managed to work around the issue by editing the template as follows.
~~~
<%
commands = input(:helper).split(',').map { |split| split.strip }
reboot = commands.delete('reboot')
-%>
<%= commands.join("\n") %>
sudo katello-tracer-upload         
<% if reboot -%>
<%= render_template('Power Action - SSH Default', action: 'restart') %>
<% end %>
~~~
- Just added the sudo in line number 6. This will work with root user also but not sure whether this acceptable approach or not.

Comment 1 Brad Buckingham 2022-11-03 21:47:07 UTC

Upon review of our valid but aging backlog the Satellite Team has concluded that this Bugzilla does not meet the criteria for a resolution in the near term, and are planning to close in a month. This message may be a repeat of a previous update and the bug is again being considered to be closed. If you have any concerns about this, please contact your Red Hat Account team.  Thank you.

Comment 3 Jeremy Lenz 2023-10-06 19:26:11 UTC

Created redmine issue https://projects.theforeman.org/issues/36808 from this bug

Comment 4 Bryan Kearney 2023-10-06 20:01:10 UTC

Upstream bug assigned to jlenz

Comment 5 Bryan Kearney 2023-10-06 20:01:12 UTC

Upstream bug assigned to jlenz

Comment 6 Bryan Kearney 2023-10-12 16:01:16 UTC

Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/36808 has been resolved.

Comment 12 errata-xmlrpc 2024-04-23 17:10:41 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Satellite 6.15.0 release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2024:2010